Protecting sensitive information
At Sprout Social, we're committed to safeguarding the personal data we process, but there are also ways you can be proactive in protecting your customers' data and prevent them from sharing sensitive information over social.
By setting up user permissions, establishing rules of engagement and having a quick action plan when personal data is shared on social, you can help protect your customers.
Setting up permissions
It's important to set up correct user permissions according to the level of access each Sprout user should have. This helps ensure that only the users who are trained on what can and can't be shared on social have access to post, delete and share this data. For more details on setting up permissions, review this help center article.
Establishing rules of engagement
It's also important to educate your team on the guidelines of how your audiences should be communicating on social to ensure a respectful and welcoming environment.
Note: You may want to add a disclaimer to your social profile, requesting that social media users refrain from sharing sensitive information and to route it to mediums off of social media.
Make sure that your team knows what to do in a situation where personally identifiable information (PII) is shared.
What information shouldn't be shared on social?
It's a best practice to not share any PII or personal data under GDPR over social. PII and personal data examples include:
- Full name
- Email address
- Home address
- Phone number
- Social Security number
- Any other special categories of personal data
What happens if PII is shared?
If PII or personal data was already posted on social via a message or other post, as a best practice, you should delete the message from your Smart Inbox. Read more on how to delete messages here. While deleting a message from the Smart Inbox removes it from Sprout, it doesn't remove the message from the network it was shared with. You should work directly with the network you received the message on to remove it.
How do I respond to someone who shared PII or personal data on social?
In the case that you find that someone shared PII or personal data with your company on social, Sprout recommends that you build the following phrase into your Asset Library as a clear and repeatable way to communicate with, and educate on, safely sharing information.
“Hi [name]. We wanted to flag the message you sent that included PII or personal data, which may be considered sensitive information that should not be shared over social media. To ensure that your data is protected, we recommend that you delete this message. Should you ever have any questions around how to define PII or personal data as it relates to your organization, please reach out to our Support Team [include support team contact information here].”
If you have any questions on these best practices to keep data safe, reach out to Sprout Support.